
Branch (R1)

! Branch router (R1): LAN loopback, ISP uplink, default route and dynamic NAT.
hostname Branch
!
! Loopback1 stands in for the Branch LAN, 192.168.1.0/24.
interface Loopback1
description Branch LAN
ip address 192.168.1.1 255.255.255.0
!
! ISP-facing link. 209.165.200.241 (the default-route next hop below) is the
! ISP router's Serial0/0/0 address in the ISP listing on this page.
! NOTE(review): no inbound access-list is shown on this Internet-facing
! interface - confirm whether filtering is applied elsewhere.
interface Serial0/0/1
description Connection to ISP
ip address 209.165.200.242 255.255.255.248
bandwidth 64
no shut
!
! Default route: everything without a more specific route goes to the ISP.
ip route 0.0.0.0 0.0.0.0 209.165.200.241
! NAT selection ACL. The deny line exempts Branch-LAN traffic headed for
! 172.18.0.0/16 from translation; the permit line sends all other Branch-LAN
! traffic to the NAT pool.
! NOTE(review): no interface on this page carries 172.18.0.0/16 (the HQ LAN is
! shown as 10.10.10.0/24) - confirm the remote prefix that must bypass NAT.
ip access-list extended Rsanaa-NAT-ACL
deny ip 192.168.1.0 0.0.0.255 172.18.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
exit
!
! Public pool 209.165.200.249-254; the ISP listing routes 209.165.200.248/29
! back toward this router.
ip nat pool Rsanaa-NAT-POOL 209.165.200.249 209.165.200.254 net 255.255.255.248
!
! Dynamic NAT: sources permitted by the ACL are translated to pool addresses.
ip nat inside source list Rsanaa-NAT-ACL pool Rsanaa-NAT-POOL
!
! NOTE(review): these three serial interfaces have no other configuration on
! this page, and Loopback1 (the only interface holding 192.168.1.0/24) is not
! marked "ip nat inside" - confirm against the real topology that LAN traffic
! actually enters through an inside interface.
interface s0/0/0
ip nat inside
exit
interface s0/1/0
ip nat inside
exit
interface s0/1/1
ip nat inside
exit
!
! The ISP link is the NAT outside interface.
interface Serial0/0/1
ip nat outside
exit
==================

end
HQ (R2)
! HQ router (R2): LAN and mail-server loopbacks, ISP uplink, default route, NAT.
hostname HQ
!
! Loopback1 stands in for the headquarters LAN, 10.10.10.0/24.
interface Loopback1
description Headquarters LAN
ip address 10.10.10.1 255.255.255.0
!
! ISP-facing link. 209.165.200.225 (the default-route next hop below) is the
! ISP router's Serial0/0/1 address in the ISP listing on this page.
interface Serial0/0/1
description Connection to ISP
ip address 209.165.200.226 255.255.255.248
clock rate 64000
bandwidth 64
no shut
!
ip route 0.0.0.0 0.0.0.0 209.165.200.225

! Loopback 0 stands in for the HQ e-mail server (10.10.20.238).
interface Loopback 0
description HQ email server address
ip add 10.10.20.238 255.255.255.0
!
! Public pool 209.165.200.233-237; the ISP listing routes 209.165.200.232/29
! back toward this router. The ACL named here is defined further down.
ip nat pool Raden-NAT-POOL 209.165.200.233 209.165.200.237 net 255.255.255.248
ip nat inside source list Raden-NAT-ACL pool Raden-NAT-POOL
! Static one-to-one translation to public address 209.165.200.238.
! NOTE(review): the inside-local address 172.18.1.0 reads as a network address,
! while the e-mail server above is 10.10.20.238 - confirm which host is meant.
! NOTE(security): a static translation makes the inside host reachable from the
! outside on every port; pair it with an inbound access-list on Serial0/0/1
! that permits only the services the server must offer.
ip nat inside source static 172.18.1.0 209.165.200.238
!
! NAT selection ACL: traffic from 172.18.0.0/16 to the Branch LAN is exempt
! from translation, everything else from 172.18.0.0/16 uses the pool.
! The wildcard 0.0.255.255 ignores the last two octets, so "172.18.1.0" in the
! deny line matches the same 172.18.0.0/16 range as the permit line.
! NOTE(review): the 10.10.x.x loopbacks configured above are not matched by
! this ACL, so their traffic is not translated by the pool - confirm intent.
ip access-list extended Raden-NAT-ACL
deny ip 172.18.1.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 172.18.0.0 0.0.255.255 any
exit
!
! NOTE(review): neither serial interface below has any other configuration on
! this page - confirm they are the links that carry the inside networks.
interface s0/0/0
ip nat inside
!
interface s0/1/0
ip nat inside
!
! The ISP link is the NAT outside interface.
interface Serial0/0/1
ip nat outside
exit
! HQ side of the site-to-site IPsec VPN toward Branch (peer 209.165.200.242,
! the Branch router's Serial0/0/1 address on this page).
!
! IKE phase 1 policy: AES encryption, pre-shared-key authentication, DH group 2.
! No hash or lifetime is set, so the platform defaults apply.
! NOTE(security): DH group 2 is a 1024-bit group; group 14 or higher is the
! usual minimum today. Change it on both peers together.
crypto isakmp policy 1
encryption aes
authentication pre-share
group 2
! NOTE(security): the pre-shared key is short, guessable and printed in clear
! text. Use a long random key unique to this peer pair (or certificate
! authentication) and keep the real value out of shared listings. The same key
! must be configured on the peer.
crypto isakmp key cisco123 address 209.165.200.242
!
! Phase 2 transform: ESP with 3DES encryption and HMAC-SHA1 integrity.
! NOTE(security): 3DES is a deprecated 64-bit block cipher; prefer an AES
! transform with a SHA-2 HMAC where the image supports it, changed on both
! peers together so the proposals still match.
crypto ipsec transform-set Branch-VPN esp-3des esp-sha-hmac
!
! Crypto map entry 10 ties peer, transform set and interesting-traffic ACL.
crypto map Branch-MAP 10 ipsec-isakmp
set peer 209.165.200.242
set transform-set Branch-VPN
match address Branch-VPN-ACL
!
! Traffic from 10.10.0.0/16 to the Branch LAN is what gets encrypted.
! NOTE(review): the Branch-side crypto ACL on this page permits
! 192.168.1.0/24 -> 172.18.0.0/16, which is not the mirror of this entry;
! crypto ACLs on the two peers normally mirror each other - confirm.
ip access-list extended Branch-VPN-ACL
remark HQ to Branch traffic to trigger VPN
permit ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
!
! Activate the crypto map on the ISP-facing interface.
interface Serial0/0/1
crypto map Branch-MAP
end
===========
end
ISP (R3)
! ISP router (R3): simulated Internet plus one serial link to each site.
hostname ISP
!
! Loopback1 plays the role of an Internet destination.
interface Loopback1
description Simulating the Internet
ip address 209.165.202.129 255.255.255.240
!
! Link toward the Branch router.
interface Serial0/0/0
description Connection to Branch
ip address 209.165.200.241 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
!
! Link toward the HQ router.
interface Serial0/0/1
description Connection to HQ
ip address 209.165.200.225 255.255.255.248
bandwidth 64
no shutdown
!
! Return routes for the two public NAT pools: 209.165.200.232/29 is reached
! through the HQ link and 209.165.200.248/29 through the Branch link.
ip route 209.165.200.232 255.255.255.248 Serial0/0/1
ip route 209.165.200.248 255.255.255.248 Serial0/0/0
!
end

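! Branch-side IPsec and GRE tunnel configuration. The peer is the HQ router at
! 209.165.200.226; this router's own ISP-facing address is 209.165.200.242.
!
! IKE phase 1 policy: AES encryption, pre-shared-key authentication, DH group 2.
! No hash or lifetime is set, so the platform defaults apply.
! NOTE(security): DH group 2 is a 1024-bit group; group 14 or higher is the
! usual minimum today. Change it on both peers together.
crypto isakmp policy 1
encryption aes
authentication pre-share
group 2
! NOTE(security): the pre-shared key is short, guessable and printed in clear
! text. Use a long random key unique to this peer pair (or certificate
! authentication) and keep the real value out of shared listings. The same key
! must be configured on the peer, so it is left unchanged here.
crypto isakmp key cisco123 address 209.165.200.226
!
! Phase 2 transform: ESP with 3DES encryption and HMAC-SHA1 integrity.
! NOTE(security): 3DES is a deprecated 64-bit block cipher; prefer an AES
! transform with a SHA-2 HMAC where the image supports it, changed on both
! peers together so the proposals still match.
crypto ipsec transform-set Raden-VPN esp-3des esp-sha-hmac
!
! Fixed: the map was defined as HQ-MAP but applied to the interface as
! Raden-MAP, so the interface referenced a map that did not exist. The
! definition now uses the name the interface applies.
crypto map Raden-MAP 10 ipsec-isakmp
set peer 209.165.200.226
set transform-set Raden-VPN
match address Raden-VPN-ACL
!
! First version of the interesting-traffic ACL: Branch LAN to 172.18.0.0/16.
! It is replaced by the GRE-only version at the end of this block.
ip access-list extended Raden-VPN-ACL
permit ip 192.168.1.0 0.0.0.255 172.18.0.0 0.0.255.255
!
! Activate the crypto map on the ISP-facing interface.
! Fixed: "end" here left configuration mode, so the Tunnel0 and access-list
! commands that follow would not be accepted; "exit" returns to global
! configuration mode instead.
interface Serial0/0/1
crypto map Raden-MAP
exit
!
! GRE tunnel to HQ, sourced from the ISP-facing serial interface.
interface Tunnel0
ip address 10.10.10.2 255.255.255.252
tunnel source s0/0/1
tunnel destination 209.165.200.226
exit
!
! Replace the crypto ACL so that only the GRE packets between the two tunnel
! endpoints are encrypted; whatever is routed into Tunnel0 is then protected.
no ip access-list extended Raden-VPN-ACL
ip access-list extended Raden-VPN-ACL
permit gre host 209.165.200.242 host 209.165.200.226
end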

==========
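! HQ-side IPsec and GRE tunnel configuration. The peer is the Branch router at
! 209.165.200.242; this router's own ISP-facing address is 209.165.200.226.
!
! IKE phase 1 policy: AES encryption, pre-shared-key authentication, DH group 2.
! No hash or lifetime is set, so the platform defaults apply.
! NOTE(security): DH group 2 is a 1024-bit group; group 14 or higher is the
! usual minimum today. Change it on both peers together.
crypto isakmp policy 1
encryption aes
authentication pre-share
group 2
! NOTE(security): the pre-shared key is short, guessable and printed in clear
! text. Use a long random key unique to this peer pair (or certificate
! authentication) and keep the real value out of shared listings. The same key
! must be configured on the peer, so it is left unchanged here.
crypto isakmp key cisco123 address 209.165.200.242
!
! Phase 2 transform: ESP with 3DES encryption and HMAC-SHA1 integrity.
! NOTE(security): 3DES is a deprecated 64-bit block cipher; prefer an AES
! transform with a SHA-2 HMAC where the image supports it, changed on both
! peers together so the proposals still match.
crypto ipsec transform-set Rsanaa-VPN esp-3des esp-sha-hmac
!
! Fixed: the map was defined as Branch-MAP but applied to the interface as
! Rsanaa-MAP, so the interface referenced a map that did not exist. The
! definition now uses the name the interface applies.
! NOTE(review): the earlier HQ listing on this page applies a map named
! Branch-MAP to the same interface; an interface holds one crypto map, so
! applying this one replaces it - confirm which version is intended.
crypto map Rsanaa-MAP 10 ipsec-isakmp
set peer 209.165.200.242
set transform-set Rsanaa-VPN
match address Rsanaa-VPN-ACL
!
! First version of the interesting-traffic ACL: 172.18.0.0/16 to the Branch
! LAN. It is replaced by the GRE-only version at the end of this block.
ip access-list extended Rsanaa-VPN-ACL
permit ip 172.18.0.0 0.0.255.255 192.168.1.0 0.0.0.255
!
! Activate the crypto map on the ISP-facing interface.
! Fixed: "end" here left configuration mode, so the Tunnel0 and access-list
! commands that follow would not be accepted; "exit" returns to global
! configuration mode instead.
interface Serial0/0/1
crypto map Rsanaa-MAP
exit
!
! GRE tunnel to Branch, sourced from the ISP-facing serial interface.
! NOTE(review): the HQ listing on this page also assigns 10.10.10.1/24 to
! Loopback1; IOS normally refuses a second interface whose subnet overlaps an
! existing one - confirm the tunnel addressing.
interface Tunnel0
ip address 10.10.10.1 255.255.255.252
tunnel source s0/0/1
tunnel destination 209.165.200.242
exit
!
! Replace the crypto ACL so that only the GRE packets between the two tunnel
! endpoints are encrypted; whatever is routed into Tunnel0 is then protected.
! Fixed: the ACL was recreated as "Rsanna-VPN-ACL", a misspelling, which left
! the crypto map matching a deleted ACL and the tunnel traffic unencrypted.
no ip access-list extended Rsanaa-VPN-ACL
ip access-list extended Rsanaa-VPN-ACL
permit gre host 209.165.200.226 host 209.165.200.242
end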
